7.5
CVE-2020-9392
- EPSS 1.68%
- Veröffentlicht 23.03.2020 17:15:15
- Zuletzt bearbeitet 21.11.2024 05:40:33
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginPricing Table by Supsystic <= 1.8.1 - Missing Authorization on AJAX Actions
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or import/modify a table.
Mögliche Gegenmaßnahme
Pricing Table by Supsystic: Update to version 1.8.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Supsystic ≫ Pricing Table By Supsystic SwPlatformwordpress Version < 1.8.2
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Pricing Table by Supsystic
Version
*-1.8.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.68% | 0.739 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| cve@mitre.org | 7.3 | 3.9 | 3.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
https://www.wordfence.com/blog/2020/02/multiple-vulnerabilities-patched-in-pricing-table-by-supsystic-plugin/
https://www.wordfence.com/threat-intel/vulnerabilities/id/7bdebd9c-f6fb-4de7-bd6b-5f52ef34ffb3